CVE-2024-34750

{"id": "CVE-2024-34750", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-07-03T20:15:04.083", "references": [{"url": "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20240816-0004/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-400"}, {"lang": "en", "value": "CWE-755"}]}], "descriptions": [{"lang": "en", "value": "Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100.\u00a0Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue."}, {"lang": "es", "value": "Manejo inadecuado de condiciones excepcionales, vulnerabilidad de consumo incontrolado de recursos en Apache Tomcat. Al procesar una secuencia HTTP/2, Tomcat no manej\u00f3 correctamente algunos casos de encabezados HTTP excesivos. Esto llev\u00f3 a un conteo err\u00f3neo de flujos HTTP/2 activos que a su vez llev\u00f3 al uso de un tiempo de espera infinito incorrecto que permiti\u00f3 que las conexiones permanecieran abiertas y que deber\u00edan haberse cerrado. Este problema afecta a Apache Tomcat: desde 11.0.0-M1 hasta 11.0.0-M20, desde 10.1.0-M1 hasta 10.1.24, desde 9.0.0-M1 hasta 9.0.89. Se recomienda a los usuarios actualizar a la versi\u00f3n 11.0.0-M21, 10.1.25 o 9.0.90, que soluciona el problema."}], "lastModified": "2025-11-03T20:16:12.693", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B6A2DA7-7AB1-4419-A9E7-D9BD9DA2FA1F", "versionEndExcluding": "9.0.90", "versionStartIncluding": "9.0.0"}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45BD20A3-0E9D-40F0-99E4-14A54749FF16", "versionEndExcluding": "10.1.25", "versionStartIncluding": "10.1.0"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1AA7FF6-E8E7-4BF6-983E-0A99B0183008"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57088BDD-A136-45EF-A8A1-2EBF79CEC2CE"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B32D1D7A-A04F-444E-8F45-BB9A9E4B0199"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0092FB35-3B00-484F-A24D-7828396A4FF6"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB557E88-FA9D-4B69-AA6F-EAEE7F9B01AC"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72D3C6F1-84FA-4F82-96C1-9A8DA1C1F30F"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3521C81B-37D9-48FC-9540-D0D333B9A4A4"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02A84634-A8F2-4BA9-B9F3-BEF36AEC5480"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECBBC1F1-C86B-40AF-B740-A99F6B27682A"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone18:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D2206B2-F3FF-43F2-B3E2-3CAAC64C691D"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone19:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0495A538-4102-40D0-A35C-0179CFD52A9D"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AAD52CE-94F5-4F98-A027-9A7E68818CB6"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77BA6600-0890-4BA1-B447-EC1746BAB4FD"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03A171AF-2EC8-4422-912C-547CDB58CAAA"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49350A6E-5E1D-45B2-A874-3B8601B3ADCC"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F50942F-DF54-46C0-8371-9A476DD3EEA3"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98792138-DD56-42DF-9612-3BDC65EEC117"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere:*:*", "vulnerable": true, "matchCriteriaId": "C2D814BE-93EC-42EF-88C5-EA7E7DF07BE5"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}